The ever-increasing number of vehicles on streets and roads can cause heavy traffic, waste time, exacerbate traffic collisions, and expose both drivers and passengers to irreversible loss of life and property [1, 2]. The implementation of vehicular ad-hoc networks (VANETs) is among the most effective solutions for making transportation systems smarter and reducing traffic collisions. A VANET is a self-organizing ad-hoc network [3, 4] that establishes vehicle-to-vehicle (V2V) communications through the dedicated short-range communication (DSRC) technology based on the IEEE 802.11p standard [1, 2].
Classified as a branch of the mobile ad-hoc network (MANET), a VANET is an IoT application. There are many similarities between a VANET and a MANET; for instance, both networks can be implemented without needing any infrastructure. Their nodes perform routing operations throughout the networks without needing any central hubs [5–7]. The other specific features of a VANET include the large number of nodes, continuous and numerous movements of nodes with unpredictable density, unlimited movement patterns of nodes, network vastness, wireless communication, momentary and time-dependent information value, rapidly consecutive variations in network topologies, information broadcast, and very short delays [3–7].
Communications in a VANET are mostly classified into five categories: vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), infrastructure-to-infrastructure (I2I), vehicle-to-pedestrian (V2P), and vehicle-to-everything (V2X) [10–14]. Furthermore, autonomous cars in this network can drive an entire route or part of a route in a mutual interaction known as vehicle platooning, which can improve the efficiency of traffic flow, reduce fuel consumption, and increase driving security [15, 16]. All vehicles in a platoon disseminate cooperative awareness messages (CAMs) periodically to inform other vehicles. Each CAM contains different pieces of information such as a vehicle ID (VID), a vehicle MAC address, and a vehicle’s position [17].
Although a VANET meets all security requirements such as authentication, integrity, information availability, non-repudiation, and confidentiality, this network is vulnerable to attacks by intruders both inside and outside the network due to its wireless nature and vast dimensions. These attacks can cause irreversible loss of life and property and threaten the health of drivers, passengers, and users of a VANET. In particular, interior intruders can cause devastating damage because they are authenticated as authorized users and have accurate information about the network [18–20].
Jamming and spoofing attacks are two types of destructive attacks on VANETs. A jamming attack is intended to prevent the reception of data in a receiver. Intruders employ different methods, such as the continuous transmission of random bits and the transmission of a high-strength or noisy signal over a communication frequency channel, to increase network traffic, raise interference in the packets sent to a receiver, and destabilize the frequency band. Jamming attacks reduce the signal-to-noise ratio (SNR) and decrease the quality of a transmitted signal, thereby disconnecting V2V and V2I communications in VANETs [21–23]. In spoofing attacks, an intruder sends disinformation to a receiver vehicle to deceive it. For instance, a GPS spoofing attack starts by sending fake signals at the same time as genuine signals. The intruder then dominates the receiver by increasing the strength of the fake signals and forces the receiver to accept information about a false position [21].
Intrusion detection systems (IDSs) are among the most important methods of detecting and confronting security threats to VANETs. An IDS can immunize a VANET against various threats and harms of attacks through the early detection of malicious behaviors by monitoring the network and analyzing user behaviors [24]. Intrusion detection systems are classified into five categories in terms of their detection methods. In a signature-based IDS, a databank holds records of the signs of malicious nodes and attacks, and any new events and behaviors inside the network are matched against its data. In a watchdog-based IDS, a few network nodes are designated as support nodes that watch and monitor the surrounding traffic flow in order to analyze the behaviors of surrounding nodes. An anomaly-based IDS uses the normal behaviors of nodes inside a network as a basic criterion and detects any contradictory behavior as a malicious anomaly [25–27]. If an intrusion detection system benefits simultaneously from signature-based and anomaly-based approaches, it is classified as a hybrid-based IDS.
However, an IDS generally performs weakly in a communication network due to having a single layer. In other words, an IDS focuses merely on the threats to one layer of the network and ignores the threats to the other layers. A major security hole in a VANET is caused by the fact that an IDS focuses only on one layer. Called the cross-layer-based IDS, the fourth type of intrusion detection system is designed so that it can focus on multiple layers of a network and confront the relevant threats [25]. This type of IDS is more advanced than the other three types, for it is more efficient and more accurate in detection.
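The following added example (not code from the paper) sketches how the signature-based, anomaly-based and cross-layer ideas described above can be combined over received CAMs: a signature lookup on VID and MAC, an application-layer plausibility check on reported position, and a physical-layer SNR check. The `Cam` record layout, the databank entry, the thresholds and the sample stream are all assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass

@dataclass
class Cam:
    t: float       # receive time (s)
    vid: str       # vehicle ID carried in the CAM
    mac: str       # sender MAC address
    x: float       # reported position (m)
    y: float
    snr_db: float  # SNR measured by the receiver's radio (physical layer)

# Assumed values for illustration, not taken from the paper.
KNOWN_BAD = {("V666", "02:00:00:00:06:66")}  # signature databank
MAX_SPEED = 70.0   # m/s plausibility bound on movement between CAMs
MIN_SNR_DB = 5.0   # below this the channel is treated as possibly jammed

def inspect(cams):
    """Return (time, vid, reason) alerts for a stream of received CAMs."""
    baseline, alerts = {}, []
    for c in cams:
        if (c.vid, c.mac) in KNOWN_BAD:                 # signature-based
            alerts.append((c.t, c.vid, "signature"))
        if c.snr_db < MIN_SNR_DB:                       # physical-layer anomaly
            alerts.append((c.t, c.vid, "low-snr"))
        prev = baseline.get(c.vid)
        if prev is not None and c.t > prev.t:           # application-layer anomaly
            speed = math.hypot(c.x - prev.x, c.y - prev.y) / (c.t - prev.t)
            if speed > MAX_SPEED:
                alerts.append((c.t, c.vid, "position-jump"))
                continue  # keep the last plausible position as the baseline
        baseline[c.vid] = c
    return alerts

# Constructed sample stream: V1 reports one implausible position at t=0.2,
# V2 is received at very low SNR, V666 matches the signature databank.
SAMPLE = [
    Cam(0.0, "V1", "02:00:00:00:00:01", 0.0, 0.0, 20.0),
    Cam(0.1, "V1", "02:00:00:00:00:01", 3.0, 0.0, 19.0),
    Cam(0.2, "V1", "02:00:00:00:00:01", 500.0, 0.0, 25.0),
    Cam(0.3, "V1", "02:00:00:00:00:01", 9.0, 0.0, 18.0),
    Cam(0.3, "V2", "02:00:00:00:00:02", 50.0, 5.0, 2.0),
    Cam(0.4, "V666", "02:00:00:00:06:66", 80.0, 0.0, 20.0),
]

if __name__ == "__main__":
    for alert in inspect(SAMPLE):
        print(alert)
```

Because the implausible report at t=0.2 is not adopted as the baseline, the genuine CAM at t=0.3 is compared with the last plausible position and raises no alert.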
The paper is organized as follows. Section 2 reviews the research literature on the intrusion detection systems in VANETs, and Section 3 presents the proposed topology and the designated scenario. The detection features are introduced in Section 4, and the proposed system is introduced in Section 5. Finally, the results are analyzed in Section 6.